Closed sbmatrosov closed 11 months ago
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Hi @sbmatrosov thanks for flagging this, we will discuss this with the concerned team and update you shortly.
Hi @sbmatrosov can you please provide execution logs for the function app, it will help us in tracing the root cause better, thanks!
Hi, @v-vdixit I attached verbose logs and errors separately. Please take a look and tell me what you think.
2023-07-06T08:56:09Z [Verbose] Poll for.txt 2023-07-06T09:00:37Z [Error] ERROR: Cann.txt
Hi @v-vdixit, disregard my last message; when I was collecting logs, JC were facing security incidents and they revoked all API tokens.
I collected logs from the log stream. In case you need something else, please leave a comment, and I will provide the information asap.
2023-07-07T08:56:09Z [Verbose] Poll for.txt
Hi @sbmatrosov thanks for providing the data, we'll discuss with the team and update you shortly.
Hi @sbmatrosov we are working on this with the team, will update you shortly, thanks!
Hi @sbmatrosov we have reached out to the concerned team, will update you once we get an update from them, thanks!
Hi @sbmatrosov we are still waiting for an update from the concerned team, thanks!
Hi @sbmatrosov we are still waiting for an update from the concerned team, will update you once we hear back from them, thanks!
Hi @sbmatrosov, waiting for an update from the concerned team.
Hi @sbmatrosov, can you please change the runtime version to 4 and restart the function app then check the invocation logs?
I applied these changes and received a number of errors:
Also, the Azure App stopped working at all, so I need to turn back the runtime version to 3
I guess you need to update host.json with the following:
```json
{
  "version": "2.0",
  "extensionBundle": {
    "id": "Microsoft.Azure.Functions.ExtensionBundle",
    "version": "[2.6.1,3.0.0)"
  }
}
```
Hi @sbmatrosov, we are checking on this and we will get back to you.
Hi, is there any update on this? It has been two months since this ticket was created.
Hi @acidvelvet, I understand your concern, but we are trying to reach out to the concerned team for this issue, will get back to you ASAP on this.
Hi, It seems that the issue has been forgotten. Is there any update on this?
Hi @sbmatrosov, apologies for delay, we have reached out to the concerned team, we are waiting for response on it, once we get an update we will reach out to you.
Hi @sbmatrosov, we have reached out to the concerned team, we are waiting for response on it, once we get an update we will reach out to you.
Hi @sbmatrosov, we have reached out to the concerned team, we are waiting for response on it. Will provide you an update by 11 Oct 2023
Great thanks! Looking forward to it! I hope we can fix this year!
Hi @sbmatrosov, sure, we are trying our best to resolve this issue at the earliest. Please provide us more time till 17 Oct 2023.
Hi @sbmatrosov, we are still investigating this issue, please provide us more time till 20 Oct 2023.
I was passing by and saw that 20 Oct 2023 passed 5 days ago. What really bothers me is that the issue was opened only by me.
Hi @sbmatrosov, sorry for the delay, sincere apologies, we have tried from our end to reproduce this issue but unfortunately we are not able to achieve that, we would require your help in this case, can you please share your availability with us? My email ID - v-rbajaj@microsoft.com
Hi @sbmatrosov, Gentle Reminder: We are awaiting your response on this issue. If you still need to keep this issue active, please respond on it in the next 2 days. If we don't receive a response, we will close this issue.
Hi, I sent you an email.
Hi @sbmatrosov, I have scheduled for 3:30 PM IST time, please let me know if you are available. Thanks. You can ping me on Microsoft Teams as well to discuss further on availability.
Hi @sbmatrosov, we have reached out to concerned team, and we will get back to you by 9 Nov 2023.
Hi @sbmatrosov, we have reached out to concerned team, and we will get back to you by 15 Nov 2023.
Hi @sbmatrosov, Thank you for your diligence in identifying a potential workaround for the issue in our community-supported data connector. We offer two viable paths for resolution and invite your active participation. Should you find it feasible, we encourage you to take the lead in addressing the matter by submitting a Pull Request containing the proposed fix. Alternatively, if contributing directly poses challenges, rest assured that we are prepared to assume responsibility for this issue and incorporate it into our backlog.
Your collaboration is invaluable to us, and we deeply appreciate your commitment to enhancing our data connector. As we initiate the resolution process, we consider this issue currently closed.
Still, it's not working; getting the below error after configuring the connector from the GitHub repo for Sentinel for JumpCloud.
```
28/8/2024, 4:40:00 pm [Information] Executing 'Functions.JCTimerTrigger' (Reason='Timer fired at 2024-08-28T11:10:00.0002776+00:00', Id=826347d8-0680-4a7e-b12f-1962f403082d)
28/8/2024, 4:40:00 pm [Information] INFORMATION: JumpCloud timer triggered and is running on time! TIME: 08/28/2024 11:10:00
28/8/2024, 4:40:01 pm [Warning] The Function app may be missing a module containing the 'New-AzStorageContext' command definition. If this command belongs to a module available on the PowerShell Gallery, add a reference to this module to requirements.psd1. Make sure this module is compatible with PowerShell 7. For more details, see https://aka.ms/functions-powershell-managed-dependency. If the module is installed but you are still getting this error, try to import the module explicitly by invoking Import-Module just before the command that produces the error: this will not fix the issue but will expose the root cause.
28/8/2024, 4:40:01 pm [Error]
28/8/2024, 4:40:01 pm [Error] ERROR: The term 'New-AzStorageContext' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Exception :
Type : System.Management.Automation.CommandNotFoundException
ErrorRecord :
Exception :
Type : System.Management.Automation.ParentContainsErrorRecordException
Message : The term 'New-AzStorageContext' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
HResult : -2146233087
TargetObject : New-AzStorageContext
CategoryInfo : ObjectNotFound: (New-AzStorageContext:String) [], ParentContainsErrorRecordException
FullyQualifiedErrorId : CommandNotFoundException
InvocationInfo :
ScriptLineNumber : 22
OffsetInLine : 15
HistoryId : 1
ScriptName : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
Line : $JCstorage = New-AzStorageContext -ConnectionString $AzureWebJobsStorage
PositionMessage : At C:\home\site\wwwroot\JCTimerTrigger\run.ps1:22 char:15
+ $JCstorage = New-AzStorageContext -ConnectionString $AzureWebJobsSto …
+ ~~~~
PSScriptRoot : C:\home\site\wwwroot\JCTimerTrigger
PSCommandPath : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
InvocationName : New-AzStorageContext
CommandOrigin : Internal
ScriptStackTrace : at 1 useLocalScope)
at System.Management.Automation.ExecutionContext.CreateCommand(String command, Boolean dotSource)
at System.Management.Automation.PipelineOps.AddCommand(PipelineProcessor pipe, CommandParameterInternal[] commandElements, CommandBaseAst commandBaseAst, CommandRedirection[] redirections, ExecutionContext context)
at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Message : The term 'New-AzStorageContext' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Data : System.Collections.ListDictionaryInternal
Source : System.Management.Automation
HResult : -2146233087
TargetObject : New-AzStorageContext
CategoryInfo : ObjectNotFound: (New-AzStorageContext:String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
InvocationInfo :
ScriptLineNumber : 22
OffsetInLine : 15
HistoryId : 1
ScriptName : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
Line : $JCstorage = New-AzStorageContext -ConnectionString $AzureWebJobsStorage
PositionMessage : At C:\home\site\wwwroot\JCTimerTrigger\run.ps1:22 char:15
+ $JCstorage = New-AzStorageContext -ConnectionString $AzureWebJobsSto …
+ ~~~~
PSScriptRoot : C:\home\site\wwwroot\JCTimerTrigger
PSCommandPath : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
InvocationName : New-AzStorageContext
CommandOrigin : Internal
ScriptStackTrace : at
~~~~
PSScriptRoot : C:\home\site\wwwroot\JCTimerTrigger
PSCommandPath : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
InvocationName : Get-AzstorageQueue
CommandOrigin : Internal
ScriptStackTrace : at 1 useLocalScope)
at System.Management.Automation.ExecutionContext.CreateCommand(String command, Boolean dotSource)
at System.Management.Automation.PipelineOps.AddCommand(PipelineProcessor pipe, CommandParameterInternal[] commandElements, CommandBaseAst commandBaseAst, CommandRedirection[] redirections, ExecutionContext context)
at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Message : The term 'Get-AzstorageQueue' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Data : System.Collections.ListDictionaryInternal
Source : System.Management.Automation
HResult : -2146233087
TargetObject : Get-AzstorageQueue
CategoryInfo : ObjectNotFound: (Get-AzstorageQueue:String) [], CommandNotFoundException
FullyQualifiedErrorId : CommandNotFoundException
InvocationInfo :
ScriptLineNumber : 25
OffsetInLine : 6
HistoryId : 1
ScriptName : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
Line : if(( Get-AzstorageQueue -context $JCStorage -Name $JCQueuename -ErrorAction SilentlyContinue ).name ){
PositionMessage : At C:\home\site\wwwroot\JCTimerTrigger\run.ps1:25 char:6
+ if(( Get-AzstorageQueue -context $JCStorage -Name $JCQueuename -Error …
+ ~~~~
PSScriptRoot : C:\home\site\wwwroot\JCTimerTrigger
PSCommandPath : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
InvocationName : Get-AzstorageQueue
CommandOrigin : Internal
ScriptStackTrace : at
~~~~~~~~~~
PSScriptRoot : C:\home\site\wwwroot\JCTimerTrigger
PSCommandPath : C:\home\site\wwwroot\JCTimerTrigger\run.ps1
CommandOrigin : Internal
ScriptStackTrace : at
```
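The warning in the log above says the Function app cannot resolve `New-AzStorageContext` and points at requirements.psd1. As an added example (not the connector's own code), a preflight check that a timer-triggered PowerShell function could run before touching storage, so a missing module fails the invocation once with a clear cause. The helper name `Get-MissingCommand` is hypothetical; `Az.Storage` is the PowerShell Gallery module that provides both cmdlets named in the log.

```powershell
# Added example: preflight check for a PowerShell Azure Function.
# The two cmdlets are the ones the log above reports as not recognized
# (PowerShell command names are case-insensitive).
$RequiredCommands = @{
    'New-AzStorageContext' = 'Az.Storage'
    'Get-AzStorageQueue'   = 'Az.Storage'
}

function Get-MissingCommand {
    # Hypothetical helper: emits one object per command that cannot be resolved.
    param(
        [Parameter(Mandatory)]
        [hashtable]$CommandToModule
    )
    foreach ($name in $CommandToModule.Keys) {
        # Get-Command triggers module auto-loading, so an installed module
        # is imported here and the command resolves.
        if (-not (Get-Command -Name $name -ErrorAction SilentlyContinue)) {
            $module = $CommandToModule[$name]
            [pscustomobject]@{
                Command      = $name
                Module       = $module
                # True: module files exist but the command still did not load
                # (version or PowerShell 7 compatibility problem).
                # False: the module was never installed for this app.
                ModuleOnDisk = [bool](Get-Module -ListAvailable -Name $module)
            }
        }
    }
}

$missing = @(Get-MissingCommand -CommandToModule $RequiredCommands)
if ($missing.Count -gt 0) {
    $detail = $missing | ForEach-Object {
        '{0} (module {1}, on disk: {2})' -f $_.Command, $_.Module, $_.ModuleOnDisk
    }
    # Throwing marks the invocation as failed, so an alert on failed
    # invocations notices that no JumpCloud events are being ingested.
    throw ('Preflight failed, missing commands: ' + ($detail -join '; ') +
           '. Reference the module in requirements.psd1 and check that ' +
           'managedDependency is enabled in host.json.')
}
```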
Describe the bug
I have an Azure Function App that utilizes a PowerShell script to call the JumpCloud Directory Insights API and retrieves logs from different services. However, despite proper configuration, the script is not retrieving logs from some services (mdm and software).

To Reproduce
Steps to reproduce the behavior:
1. Configure the Azure Function App with necessary bindings and environment variables.

Expected behavior
I expected the script to retrieve logs from all specified services, including mdm and software, and post them to the Log Analytics workspace.

Additional context
We have already checked the configuration of the Azure Function App and verified that it is set up correctly to retrieve logs from the specified services. We have also tested the API separately and confirmed that it is capable of retrieving logs from the mdm and software services. This seems to be an issue with the PowerShell script or the way the Azure Function App is processing the script.
link to connector https://github.com/Azure/Azure-Sentinel/tree/449788b130a598fc381ec07f967e91ee3df62787/DataConnectors/JumpCloud%20Single%20Sign%20On